ECSP (TM)
EC-Council Certified Secure Programmer
http://www.eccouncil.org
EC-Council

Course Description
EC-Council Certified Secure Programmer lays the basic foundation required by all application developers and development organizations to produce applications with greater stability that pose less security risk to the consumer. The Certified Secure Application Developer standardizes the knowledge base for application development by incorporating the best practices followed by experienced experts in the various domains.

The distinguishing aspect of ECSP is that, unlike vendor- or domain-specific certifications, it exposes the aspirant to various programming languages from a security perspective. This builds greater appreciation for the platform, architecture, or language one specializes in, as well as an overview of related ones.

Who Should Attend
The ECSP certification is intended for programmers who are responsible for designing and building secure Windows/Web-based applications with the .NET/Java Framework. It is designed for developers who have C#, C++, Java, PHP, ASP, .NET and SQL development skills.

Prerequisites
You must have fundamental programming knowledge.

Duration
5 days (9:00 – 5:00)

Certification
The ECSP 312-92 exam will be conducted on the last day of training. Students need to pass the online Prometric exam to receive the ECSP certification.

Course Outline v2

Module I: Introduction to Secure Coding


Software Security Scenario
Secure Coding
Common Security Mistakes
Why Security Mistakes Are Made
Need for Secure Programming
Building Blocks of Software Security
Types of Security Vulnerabilities
Vulnerability Cycle
Types of Attacks
Hackers and Crackers or Attackers
Risk Assessment and Threat Modeling
STRIDE Threat Model
Common Criteria
Security Architecture
Security Principles
Secure Development Checklists
Use of Privilege
o Data, Configuration, and Temporary Files
o Network Port Use
o Audit Logs

o User-Server Authentication

Module II: Designing Secure Architecture


Introduction
Secure Architecture
Application Security
Factors Affecting Application Security
Software Engineering and System Development Life Cycle (SDLC)
Different Phases of Software Development Life Cycle
o System Requirements
o Specifications
o Design
o Coding
o Testing
o Integration Testing
o Maintenance
Software Methodology Models
o Waterfall Model
o RAD (Rapid Application Development)
o JAD (Joint Application Development)
o Fountain Model
o Spiral Model
o Build and Fix
o Synchronize-and-Stabilize
Agile Methodologies
Extreme Programming (XP)

o XP Practices
o The Rules and Practices of Extreme Programming
Unified Modeling Language (UML)

o Primary Goals
o Diagram
o UML Tool
• Rational Rose
Vulnerabilities and Other Security Issues in a Software Application
o Security Through Obscurity
o Buffer Overflows
o Format String Vulnerabilities / Race Conditions
o Locking Problems
o Exception Handling
o Fundamentals of Control Granularity
o Concepts Of Fail Safe Design Strategies
o Fail Safe Design Strategies
• Fault Tolerance and Detection
• Fault Removal and Avoidance
o Input and Parameter Validation
o Encrypting Secrets in Memory and Storage
o Scrubbing Information
o Privilege Levels for Information Access
o Loose Coupling
o High Cohesion
o Change Management and Version Control
Best Practices for Software Development Projects

Module III: Cryptography
Introduction to Cryptography
o Encryption
o Decryption
Use of Cryptography
Classical Cryptographic Techniques
Modern Cryptographic Techniques
Cipher
RSA (Rivest Shamir Adleman)
o Example of RSA Algorithm
o RSA Attacks
o RSA Challenge
o Implementation of RSA in C++
Data Encryption Standard (DES)
o DES Overview
o Implementation of DES in Java
RC4, RC5, RC6, Blowfish
o RC5
Blowfish Algorithm in C
Message Digest Functions
o One-way Hash Functions
o MD5
o Implementation of MD5 in Java
SHA (Secure Hash Algorithm)
o SHA Implementation in Java

SSL (Secure Sockets Layer)
What is SSH?
o SSH (Secure Shell)
Algorithms and Security
Disk Encryption
Government Access to Keys (GAK)
Digital Signature
o Components of a Digital Signature
o Method of Digital Signature Technology
o Use of Digital Signature
o Digital Signature Standard
o Digital Signature Algorithm: Signature Generation/Verification
o Digital Signature Algorithms: ECDSA, ElGamal Signature Scheme
o Challenges and Opportunities
Digital Certificates
o Creating and Verifying a Simple XML Digital Signature in C#
o Cleversafe Grid Builder http://www.cleversafe.com/
PGP (Pretty Good Privacy)
CypherCalc
Command Line Scriptor
CryptoHeaven
Cryptanalysis
Cryptography Attacks
Brute-Force Attack
Use Of Cryptography

Module IV: Buffer Overflows
Buffer Overflows
Reasons for Buffer Overflow Attacks
Why are Programs/Applications Vulnerable?
Understanding Stacks
Understanding Heaps
Types of Buffer Overflows: Stack-based Buffer Overflow
o A Simple Uncontrolled Overflow of the Stack
o Stack-Based Buffer Overflows
Types of Buffer Overflows: Heap-based Buffer Overflow
o Heap Memory Buffer Overflow Bug
o Heap-based Buffer Overflow
How to Detect Buffer Overflows in a Program
o Attacking a Real Program
Defense Against Buffer Overflows
o Tool to Defend Buffer Overflow: Return Address Defender (RAD)
o Tool to Defend Buffer Overflow: StackGuard
o Tool to Defend Buffer Overflow: Immunix System
o Vulnerability Search – ICAT
o Valgrind
o Insure++
Buffer Overflow Protection Solution: Libsafe
o Comparing Functions of libc and Libsafe
Simple Buffer Overflow in C
o Code Analysis

Module V: Secure C and C++ Programming

Introduction to C/C++
Vulnerable C/C++ Functions
o strcpy()
o strncat()
o strncpy()
o sprintf()
o gets()
C/C++ Vulnerabilities
o Buffer Overflow
• Strings
• Countermeasures
• Integer Vulnerabilities
• Truncation
• Sign Error
• Countermeasures
o Pointer Subterfuge
o Dynamic Memory Management
o Stack Smashing
o GCC Extension to Protect Stack-Smashing Attacks
o Heap-Based Buffer Overflow
o Off By One/Five Errors
o Double Free Vulnerability
Secure Memory Allocation Tips
Symmetric Encryption

o Symmetric Encryption in C++
Blowfish Algorithm in C
Public Key Cryptography
o Public Key Cryptography in C++
Networking
o Creating an SSL Client in C++
o Creating an SSL Server
Random Number Generation Problem

Anti-Tampering
o Anti-Tampering Techniques
Erasing Data from Memory Securely using C/C++
Preventing Memory From Being Paged to Disk
Using Variable Arguments Properly
Signal Handling
Encapsulation in C++
Best Practices for Input Validation
Code Profiling and Memory Debugging Tool: Valgrind

Module VI: Secure Java and JSP Programming


Introduction to Java
JVM
Java Security
Sandbox Model
Security Issues with Java
o SQL Injection Attack
• SQL Injection using UNION

• Preventive Measures for SQL Injection
o URL Tampering

o Denial-of-Service (DoS) Attack on Applet
• Sample Code for DoS Attack
• DoS by Opening Untrusted Windows
• Preventing DOS Attacks
o .Class File Format
o Byte Code Attack
o Reverse Engineering / Decompilation by Mocha
o Obfuscation Tools: Jmangle
o Cinnabar Canner
Byte Code Verifier
Class Loader
o Building a SimpleClassLoader
Security Manager
jarsigner - JAR Signing and Verification Tool
Signing an Applet Using RSA-Signed Certificates
o Signing Tools
o Getting RSA Certificates
o Bundling Java Applets as JAR Files
o Signing Java Applets Using Jarsigner
o Signing Java Applets Using Netscape Signing Tool
Security Extensions
o Java Authentication and Authorization Service (JAAS)
o Java Cryptographic Extension (JCE)
o Java Cryptography Architecture

o JCE: Pseudo Code for Encryption
o JCE: Pseudo Code for Decryption
o Sample Code for Encryption and Decryption
o Java(TM) Secure Socket Extension (JSSE)
Creating Secure Client Sockets
Creating Secure Server Sockets
Choosing the Cipher Suites
Java GSS Security
o Code for GSS Server
o Code for GSS Client
o Problem of Untrusted User Input
Security From Untrusted User Input
Cross Site Scripting
o Overcoming Cross Site Scripting Problem
Permissions in Java
o How to create new types of permissions?
Security Policy
o Specifying an additional Policy File at runtime
o Policy Tool
• Policy Tool: Creating a new Policy File
Best practices for developing secure Java Code

Module VII: Secure JavaScript and VBScript Programming


Script: Introduction
JavaScript Vulnerability
o Cross-Site Scripting (XSS)

• How to Avoid XSS?
o JavaScript Hijacking
• Defending Against JavaScript Hijacking

• Decline Malicious Requests
• Prevent Direct Execution of the JavaScript Response
• Malicious Script Embedded in Client Web Requests
• Tool: Thicket Obfuscator for JavaScript
JavaScript Security in Mozilla
• JavaScript Security in Mozilla: Same Origin Policy
o Same Origin Check
o JavaScript Security in Mozilla: Signed Script Policy
Netscape's SignTool
o Netscape’s SignTool: Signing a File
Privileges
Tool for Encryption: TagsLock Pro
JavaScript Shell (Jash): Javascript Command-Line Debugging Tool
Tool: Script Encoder
Tool: Scrambler
VBScript: CryptoAPI Tools
Signing a Script (Windows Script Host)
Verifying a Script
Signature Verification Policy
Software Restriction Policies for Windows XP
Step-by-Step Guide for Designing a Software Restriction Policy
Step-by-Step Guide for Creating Additional Rules
Rule for Blocking Malicious Scripts

Module VIII: Secure ASP Programming
ASP: Introduction
ASP Design Problems
Improving ASP Design
o Using Server-Side Includes
• Using Server-Side Includes: Example
• Using Server-Side Includes: Protecting the Contents of Include Files
o Taking Advantage of VBScript Classes
o Using Server.Execute
o Using Server.Transfer
#include Directive
.BAK Files on the Server
Programming Errors
o Detecting Exceptions with Scripting Language Error-Handling Mechanisms
o Using VBScript to Detect an Error
o Using JScript to Detect an Error
Notifying the Support Team When an Error Occurs Using CheckForError
Attacks on ASP
ASP DypsAntiSpam: A CAPTCHA for ASP
o How To Prevent Automatic Submission With DypsAntiSpam
o CAPTCHA: Examples
How to Use Database and ASP Sessions to Implement ASP Security
o Step 1: Create A User Database Table
o Step 2: Create And Configure The Virtual Directory
o Step 3: Create The Sample Pages

o Step 4: Add Validation Code To Pages
Protecting Your ASP Pages

o Encoding ASP Code: Script Encoder
o Protecting Passwords of ASP Pages with a One-way Hash Function
ASP Best Practices
o ASP Best Practices: Error Handling

Module IX: Secure Microsoft .NET Programming


Common Terminology
Microsoft .NET: Introduction
.NET Framework
o .NET Framework Security Policy Model
Security Policy Levels
Security Features in .NET
Key Concepts in .NET Security
Code Access Security (CAS)
Evidence-Based Security
Role-Based Security
o Role-Based Security: Windows Principal
o Role-Based Security: Generic principal
Declarative and Imperative Security
Cryptography
Generate Key for Encryption and Decryption
o Symmetric Encryption in .NET
o Asymmetric Encryption in .NET
o Symmetric Decryption in .NET
o Asymmetric Decryption in .NET
Protecting Client and Server Data Using Encryption
Cryptographic Signatures
o Write a Signature in .NET
o Verify a Signature in .NET
Ensuring Data Integrity with Hash Codes
o Hash Code Generation
o Verification of Hash Code
Permissions
o Code Access Permissions
o Identity Permissions
o Role-Based Security Permissions
SkipVerification
Stack Walk
Writing Secure Class Libraries
Runtime Security Policy
Step-By-Step Configuration of Runtime Security Policies
Creating a Security Policy Deployment Package
Type Safety
Canonicalization
Access Control List Editor
Securing User Credentials and Logon Information
Obfuscation
Dotfuscator: .NET Obfuscator Tool
Administration Tool: Authorization Manager (AzMan) with ASP.NET
ASP.NET Security Architecture

Authentication and Authorization Strategies
o URL Authorization

o File Authorization
o Windows Authentication
o Forms Authentication
o Passport Authentication
o Custom Authentication
o Implementing Custom Authentication Scheme
Configuring Security with Mscorcfg.msc
Process Identity for ASP.NET
Impersonation
o Impersonation Sample Code
Secure Communication
Storing Secrets
o Options for Storing Secrets in ASP.NET
Securing Session and View State
Web Form Considerations
Securing Web Services
Secure Remoting
o Create a Remotable Object
Secure Data Access
.NET Security Tools
Code Access Security Policy Tool
o Caspol.exe
o Caspol.exe Parameters
Certificate Creation Tool: Makecert.exe

o Options in Makecert.exe
Certificate Manager Tool: Certmgr.exe
Certificate Verification Tool: Chktrust.exe
Permissions View Tool: Permview.exe
PEVerify Tool: Peverify.exe
Best Practices for .NET Security

Module X: Secure PHP Programming

Introduction to PHP (Hypertext Preprocessor)
o PHP Security Blunders
o Unvalidated Input Errors
o Solution for Access Control Flaws
o Solution for Session ID Protection
o Error Reporting
o Data Handling Errors
o Security Sensitive PHP Functions: File Functions
o Security Sensitive PHP Functions: ezmlm_hash
PHP Vulnerabilities
o Informational Vulnerabilities
o Common File Name Vulnerability
o Revealed Source Code Vulnerability
o Revealing Error Message Vulnerability
o Sensitive Data in Web Root Vulnerability
o Session File in Shared Server Vulnerability
o Sensitive Data in Globally Readable File Vulnerability
o Revealing HTML Comment Vulnerability

o Web Application Fingerprint Vulnerability
o Packet Sniffing Vulnerability

o Attack Vulnerabilities
o Global Variable Vulnerability
o Default Password Vulnerability
o Online Backup Vulnerability
Common PHP Attacks
o Remote Code Execution
o Cross-Site Scripting Attack (XSS)
o Cross Site Scripting Attack: Example
o Cross-Site Request Forgeries (CSRF, Sea-Surf or XSRF)
o Workaround for Cross-Site Request Forgeries
o SQL Injection
o Defending SQL Injection Attacks
o PHP Configuration Attacks
o Preventing PHP Configuration Attacks
o File System Attacks
o Defending File System Attacks
o Information Gathering Attacks
o PHP Injection Attacks
Secure PHP Practices
o Safe Mode
o Disable Register Globals
o Validating Input
o PHP Input Filter Class
Best Practices for PHP Security

PHP Tools
o Acunetix Web Vulnerability Scanner
o Encryption Software: PHP Code Lock
o Zend Guard
o POBS (PHP Obfuscator/Obscurer)

Module XI: Secure Perl Programming

Common Terminology
Introduction: Practical Extraction and Report Language (Perl)
Security Issues in Perl Scripts
Basic User Input Vulnerabilities
Overcoming Basic User Input Vulnerabilities
Insecure Environmental Variables
Algorithmic Complexity Attacks
Perl: Taint, Strict, and Warnings
o Taint Mode
o How Does Taint Mode Work?
o Taint Checking
o Using Tainted Data
o Securing the Program Using Taint
o Strict Pragma
Setuid
o Setuid Sample Code
o Setuid: Authenticating the user
o Security bug with Setuid
The Perl crypt() Function

Logging Into a Secure Web Site with Perl Script
Secure Log-in Checklist

Program for Secure Log-in
Securing open() Function
Unicode
Displaying Unicode As Text

Module XII: Secure XML, Web Services and AJAX Programming


Web Application and Web Services
Web Application Vulnerabilities
o Coding Errors
o Design Flaws
XML: Introduction
XSLT and XPath
XML Signature
o Applying XML Signatures to Security
An Enveloped, Enveloping and Detached XML Signature Simultaneously
XML Encryption
o The Abstract EncryptedType Element
Security Considerations for the XML Encryption Syntax
Canonicalization
Validation Process in XML
XML Web Services Security
o XML-aware Network Devices Expand Network Layer Security
Security of URI in XML
Security of Opaque Data in XML

Growth of XML as Percentage of Network Traffic
XML Web Services Security Best Practices
XML Security Tools
o V-Sentry
o Vordel SOAPbox
AJAX: Introduction
Anatomy of an AJAX Interaction (Input Validation Example)
AJAX: Security Issues
How to Prevent AJAX Exploits
Tool: HTML Guardian™
Tool: Sprajax (AJAX Security Scanner)
Tool: DevInspect

Module XIII: Secure RPC, ActiveX and DCOM Programming


RPC Introduction
o RPC Authentication
o RPC Authentication Protocol
o NULL Authentication
o UNIX Authentication
o Data Encryption Standard (DES) Authentication
• Data Encryption Standard (DES) Authentication on Server Side
o Diffie-Hellman Encryption
o Security Methods
o Security Support Provider Interface (SSPI)
o Security Support Providers (SSPs)
• Writing an Authenticated SSPI Client

• Writing an Authenticated SSPI Server
o Secure RPC Protocol

o RpcServerRegisterAuthInfo Prevents Unauthorized Users from Calling your Server
o RPC Programming Best Practices
o Make RPC Function Calls
• Making RPC Function Calls: Using Binding Handles
• Making RPC Function Calls: Choose the Type of Binding Handles and Choose a Protocol Sequence
• Use Context Handles
o How RPC Deals With the Network
o Write a Secure RPC Client or Server
ActiveX Programming: Introduction
o Preventing Repurposing
o SiteLock Template
o IObjectSafety Interface
o Code Signing
o How to Create Your Own Code Signing Certificate and Sign an ActiveX Component in Windows
o Protecting ActiveX Controls
DCOM: Introduction
o Security in DCOM
o Application-Level Security
o Security by Configuration
o Programmatic Security
o Run As the Launching User
o Run As the Interactive User
o Run As a Specific User

o Security Problem on the Internet
o Security on the Internet
o Heap Overflow Vulnerability
o Workarounds for Heap Overflow Vulnerability
o Tool: DCOMbobulator
o DCOM Security Best Practices

Module XIV: Secure Linux Programming

Introduction
Is Open Source Good for Security?
Linux – Basics
Linux File Structure
Basic Linux Commands
Linux Networking Commands
Linux Processes
POSIX Capabilities
o UTF-8 Security Issues
o UTF-8 Legal Values
Advantages of Security Functionality
o Security Audit
o Communication
o Encryption
o Identification and Authentication
o Security Management
Requirements for Security Measure Assurance
o Enabling Source Address Verification

o iptables and ipchains
o Code to Save the ip6tables State

o Controlling Access by MAC Address
o Permitting SSH Access Only
Network Access Control
o Layers of Security for Incoming Network Connections
o Prohibiting Root Logins on Terminal Devices
o Authentication Techniques
o Authorization Controls
o Running a Root Login Shell
o Protecting Outgoing Network Connections
o Logging in to a Remote Host
o Invoking Remote Programs
o Copying Remote Files
Public-key Authentication between OpenSSH Client and Server
o Authenticating in Cron Jobs
o Protecting Files
o File Permissions
o Shared Directory
o Encrypting Files
o Listing Keyring
o Signing Files
o Encrypting Directories
POP/IMAP Mail Server
Testing an SSL Mail Connection
Securing POP/IMAP with SSL and Pine

SMTP Server
Testing and Monitoring
o Testing Login Passwords (John the Ripper)
o Testing Login Passwords (CrackLib)
o Testing Search Path
o Searching Filesystems Effectively
o Finding Setuid (or Setgid) Programs
o Securing Device Special Files
o Looking for Rootkits
o Tracing Processes
o Observing Network Traffic
o Detecting Insecure Network Protocols
o Detecting Intrusions with Snort
o Log Files (syslog)
o Testing a Syslog Configuration
o Logwatch Filter
Linux Security Best Practices
Structure Program Internals and Approach
Minimize Privileges Sample Code
Filter Cross-Site Malicious Content on Input
Filter HTML/URIs that may be Re-Presented
Avoid Buffer Overflow
Language-Specific Issues
o C/C++
o C/C++ (cont’d)
o Dangers in C/C++

o Sample Codes
o Perl

o Perl (cont’d)
o Ada
o Java
o Java (cont’d)
o Tcl
o Tcl Sample Code
o PHP
o PHP (cont’d)
Linux Security Tools
o Linux Application Auditing Tool: grsecurity
o grsecurity Configuration

Module XV: Secure Linux Kernel Programming


Introduction
What to do after Building Kernel?
Linux Kernel Configuration Menu
Steps to compile a Linux Kernel
o Compiling the Kernel

Module XVI: Secure Xcode Programming


Introduction to Xcode
Mac OS X applications
o Cocoa
o Carbon

o AppleScript
o Script Editor
o Script Window
o CDSA
Secure Transport API Set and Cryptographic Service Provider (CSP)
Creating SSL Certificate on Mac OS X Server
o Using SSL with the Web Server
o Setting up SSL for LDAP
Protecting Security Information
Security in Mac OS X
Security Management Using System Preferences
Authentication Methods
Encrypted disk images
Networking Security Standards
Personal firewall
Checklist of recommended steps required to secure Mac OS X

Module XVII: Secure Oracle PL/SQL Programming


Introduction: PL/SQL
PL/SQL in Oracle Server
Security Issues in Oracle
o SQL Injection
o Defending SQL Injection Attacks
o SQL Manipulation
o Code Injection Attack
o Function Call Injection Attack

o Buffer Overflow and Other Vulnerabilities
o DBMS_SQL in PL/SQL

o Prevent DBMS_SQL in PL/SQL
Types of Database Attacks
Establishing Security Policies
Password Management Policy
o Password Management policy: Password History
Auditing Policy
Oracle Policy Manager
Oracle Label Security (OLS)
Create an Oracle Label Security Policy
o Step 1: Define the Policy
o Step 2: Define the Components of the Labels
o Step 3: Identify the Set of Valid Data Labels
o Step 4: Apply Policy to Tables and Schemas
o Step 5: Authorize Users
o Step 6: Create and Authorize Trusted Program Units (Optional)
o Step 7: Configure Auditing (Optional)
Using Oracle Label Security with a Distributed Database
Oracle Identity Management
Security Tools
Secure Backups: Tool
Encryption and Its Types: Obfuscation
Obfuscation Sample Code
Encryption Using DBMS_CRYPTO
Advanced Security Option

Row Level Security
Oracle Database Vaults: Tool
Auditing
o Auditing Methods
o Audit Options
o View Audit Trail
o Oracle Auditing Tools
o Fine-Grained Auditing (FGA)
Testing PL/SQL Programs
SQL Unit Testing Tools: SPUnit
SQL Unit Testing Tools: TSQLUnit
SQL Unit Testing Tools: utPLSQL
Steps to Use utPLSQL

Module XVIII: Secure SQL Server Programming


Introduction
SQL Server Security Model
o SQL Server Security Model: Login
Steps to Create a SQL Server Login
Database User
Guest User
Permissions
Database Engine Permissions Hierarchy
Roles
o Public Role
o Predefined Roles

Fixed Server Roles
Fixed Database Roles
User-Defined Roles

Application roles
Security Features of MS-SQL Server 2005
SQL Server Security Vulnerabilities:
o Buffer Overflow in pwdencrypt()
o Extended Stored Procedures Contain Buffer Overflows
SQL Injection
Prevent SQL Injection
Sqlninja:
o SQL Server Injection & Takeover Tool
o Finding Target
Data Encryption
Built-in Encryption Capabilities
Encryption Keys
Encryption Hierarchy
Transact-SQL
Create Symmetric Key in T-SQL
Create Asymmetric Key in T-SQL
Certificates
Create Certificate in T-SQL
SQL Server Security: Administrator Checklist
Database Programming Best Practices
SQL Server Installation
o Authentication

o Authorization
Best Practices for Database Authorization
Auditing and Intrusion Detection
How to Enable Auditing
Database Security Auditing Tools:
o AppDetective
o NGSSquirrel
o AuditPro

Module XIX: Secure Network Programming


Basic Network Concepts:
o Network
o Protocols
o Client Server Model
Basic Web Concepts
Network Programming
Benefits of Secure Network Programming
Network Interface
How to Secure Sockets:
o Server Program
o Client Program
Ports
UDP Datagram and Sockets
Internet Address
How to connect to secure websites
URL Decoder

Reading Directly from a URL
Content Handler

Cookie Policy
RMI Connector
.NET: Internet Authentication
Network Scanning Tool: ScanFi www.securecentral.com
Network Programming Best Practices

Module XX: Windows Socket Programming


Introduction
Windows NT and Windows 2000 Sockets Architecture
Socket Programming
Client-Side Socket Programming
o The Socket Address Structure
The Socket Address Structure: Code Analysis
Initializing a Socket and Connecting
Server-Side Socket Programming
Creating a Server
Winsock 2.0
Winsock Linking Methods
Starting a Winsock 2 API
Accepting Connections:
o AcceptEx
WinSock: TransmitFile and TransmitPackets
Grabbing a Web Page Using Winsock
Generic File-Grabbing Application

Writing Client Applications
TCP Client Application Sample Code
Writing Server Applications
TCP Server Application Sample Code
Winsock Secure Socket Extensions
o WSADeleteSocketPeerTargetName
o WSAImpersonateSocketPeer
o WSAQuerySocketSecurity
o WSARevertImpersonation
o WSASetSocketPeerTargetName
o WSASetSocketSecurity Function
SOCKET_SECURITY_SETTINGS
Case Study: Using WinSock to Execute a Web Attack
Case Study: Using Winsock to Execute a Remote Buffer Overflow
MDACDos Application

Module XXI: Writing Shellcodes


Introduction
Shellcode Development Tools
Remote Shellcode
Port Binding Shellcode
FreeBSD Port Binding Shellcode
Clean Port Binding Shellcode
o Clean Port Binding Shellcode: sckcode
Socket Descriptor Reuse Shellcode
o Socket Descriptor Reuse Shellcode in C

o Socket Descriptor Reuse Shellcode: Sample Code
Local Shellcode

execve
Executing /bin/sh
Byte Code
setuid Shellcode
chroot Shellcode
o Breaking Out of chroot Jails the Traditional Way
o Breaking Out of Chroot Jails on Linux Kernels
Windows Shellcode
Shellcode Examples
Steps to Execute Shell Code Assembly
The Write System Call
o Linux Shellcode for “Hello, world!”
o The Write System Call in FreeBSD
execve Shellcode in C
o FreeBSD execve jmp/call Style
o FreeBSD execve Push Style
o FreeBSD execve Push Style, Several Arguments
Implementation of execve on Linux
Linux Push execve Shellcode
System Calls
o The Socket System Call
o The Bind System Call
o The Listen System Call
o The Accept System Call

o The dup2 System Call
o The execve System Call
Linux Port Binding Shellcode
Compile, Print, and Test Shellcode
Reverse Connection Shellcode
Socket Reusing Shellcode
Linux Implementation of Socket Reusing Shellcode
Reusing File Descriptors
setuid Root
o setuid Root: Executing the Program
o setuid Root: System calls used by the program
Using ltrace utility
Using GDB
Assembly Implementation
SysCall Trace
RW Shellcode
Encoding Shellcode
Decoder Implementation and Analysis
Decoder Implementation Program
Results of Implementation Program
OS-Spanning Shellcode
Assembly Creation

Module XXII: Writing Exploits


Introduction

Targeting Vulnerabilities
o Remote and Local Exploits

o A Two-Stage Exploit
Format String Attacks
o Example of a Vulnerable Program
Using the %n Character
Fixing Format String Bugs
o Case Study: xlockmore User-Supplied Format String Vulnerability CVE-2000-0763
TCP/IP Vulnerabilities
Race Conditions
o File Race Conditions
o Signal Race Conditions
Case Study: ‘man’ Input Validation Error
Writing Exploits and Vulnerability Checking Programs
o Writing Exploits and Vulnerability Checking Programs Sample Code
Stack Overflow Exploits
o Memory Organization
o Stack Overflows
o Finding Exploitable Stack Overflows in Open-Source Software
o Finding Exploitable Stack Overflows in Closed-Source Software
Heap Corruption Exploits
o Doug Lea Malloc
o Freed Dlmalloc Chunk
o Vulnerable Program Example
o Figures: Fake Chunk, Overwritten Chunk
Case Study: OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow Vulnerability CAN-2002-0656
Exploitation
Exploitation Sample Code
The Complication
Improving the Exploit
Integer Bug Exploits
Integer Wrapping
Program: Addition-Based Integer Wrapping
Multiplication-Based Integer Wrapping
Bypassing Size Checks
o Signed Size Check Without Integer Wrapping
Using the Metasploit Framework
Determining Attack Vector
Finding the Offset: Overwriting the Return Address
The First Attack String
Overwriting EIP with a Known Pattern
Selecting a Control Vector
Finding a Return Address
Selecting the Search Method in the Metasploit Opcode Database
Search Method in Metasploit Opcode Database
Using the Return Address
o Inserting the Return Address
o Verifying Return Address Reliability
Nop Sleds: Increasing Reliability with a Nop Sled
Choosing a Payload and Encoder

o Listing Available Payloads
o Determining Payload Variables

o Generating the Payload
o msfencode Options
List of Available Encoders
Choosing a Payload and Encoder: msfencode Results
msfweb Payload Generation
Setting msfweb Payload Options
msfweb Generated and Encoded Payload
Integrating Exploits into Framework

Module XXIII: Programming Port Scanners and Hacking Tools


Port Scanner
o Working of a Simple Port Scanner
o Prerequisites for Writing a Port Scanner
o Port Scanner in C++
o Port Scanner in C#
o Building a Simple Port Scanner in VC++
o Port Scanner in Java
o Example JavaScript Port Scanner
o Port Scanner in ASP.Net
o Port Scanner in Perl
o Port Scanner in PHP
o UDP Port Scanning in PHP
o Port Scanner in XML
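A TCP connect scanner with a timeout, as an added example in C (the course lists C++ and other languages; this is not its code). It uses a non-blocking connect() and poll() so a filtered port cannot stall the scan, reads SO_ERROR to tell a completed handshake from a late refusal, and includes a constructed fixture that opens a listener on 127.0.0.1 so the scanner can be checked without touching any other host.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* TCP connect() probe with a timeout. Returns 1 if the handshake completed
 * (open), 0 if the port refused or timed out (closed or filtered), and -1 on
 * a local error such as a bad address or no socket support. */
int tcp_port_open(const char *ip, uint16_t port, int timeout_ms)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return -1;
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0)
        return -1;
    /* Non-blocking connect so a silently dropped SYN cannot stall the scan. */
    fcntl(s, F_SETFL, fcntl(s, F_GETFL, 0) | O_NONBLOCK);
    int open = 0;
    if (connect(s, (struct sockaddr *)&sa, sizeof sa) == 0) {
        open = 1;
    } else if (errno == EINPROGRESS) {
        struct pollfd pfd = { .fd = s, .events = POLLOUT, .revents = 0 };
        if (poll(&pfd, 1, timeout_ms) > 0) {
            int err = 0;
            socklen_t len = sizeof err;
            /* SO_ERROR tells a completed connect apart from a late ECONNREFUSED. */
            if (getsockopt(s, SOL_SOCKET, SO_ERROR, &err, &len) == 0 && err == 0)
                open = 1;
        }
    }
    close(s);
    return open;
}

/* Scan [lo, hi] on one host, storing open ports in out (up to cap). Returns the count. */
size_t scan_range(const char *ip, uint16_t lo, uint16_t hi, int timeout_ms, uint16_t *out, size_t cap)
{
    size_t n = 0;
    for (uint32_t p = lo; p <= hi && n < cap; p++)
        if (tcp_port_open(ip, (uint16_t)p, timeout_ms) == 1)
            out[n++] = (uint16_t)p;
    return n;
}

/* Constructed fixture: bind 127.0.0.1:0 so the kernel picks a free port.
 * With do_listen the socket is left listening (caller closes *fd); without
 * it the socket is closed again, leaving a port known to be closed.
 * Returns the port, or -1 if sockets are unavailable. */
static int loopback_port(int do_listen, int *fd)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    inet_pton(AF_INET, "127.0.0.1", &sa.sin_addr);
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0)
        return -1;
    socklen_t len = sizeof sa;
    if (bind(s, (struct sockaddr *)&sa, sizeof sa) < 0 || (do_listen && listen(s, 8) < 0) ||
        getsockname(s, (struct sockaddr *)&sa, &len) < 0) {
        close(s);
        return -1;
    }
    int port = ntohs(sa.sin_port);
    if (do_listen) *fd = s; else close(s);
    return port;
}

/* Scan one listening and one closed loopback port. Returns 1 if both were
 * classified correctly, 0 if not, -1 if sockets are unavailable here. */
int demo_selfscan(void)
{
    int lfd = -1;
    int open_port = loopback_port(1, &lfd);
    int closed_port = loopback_port(0, NULL);
    if (open_port < 0 || closed_port < 0) { if (lfd >= 0) close(lfd); return -1; }
    int ok = tcp_port_open("127.0.0.1", (uint16_t)open_port, 500) == 1 &&
             tcp_port_open("127.0.0.1", (uint16_t)closed_port, 500) == 0;
    close(lfd);
    return ok;
}

int main(void)
{
    printf("self-scan result: %d (1 = open/closed both detected)\n", demo_selfscan());
    return 0;
}
```

A full connect scan completes the handshake and is logged by the target application; the SYN-only variants in the course need raw sockets and privilege, which is the usual trade-off between stealth and portability.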
Coding for Ethereal (now Wireshark)
o libpcap
• Capturing Packets
o Packet Capturing Example
o Saving Captured Packets to a File
o The wiretap Library
o Adding a new file format to the wiretap library
o wtap Struct
o Setting up a New Dissector
o Programming the Dissector
o Adding a tap Module
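What the saved-capture, wiretap and dissector items above come down to in code, as an added example that is neither Ethereal's nor libpcap's: a reader for the classic pcap file format that checks the global header the way a wiretap file module does, then dissects the first record through Ethernet, IPv4 and TCP with every length taken from the capture bounded by the bytes actually present. The sample capture is constructed in memory (one HTTP request from 10.0.0.5 to 10.0.0.80) so the code runs offline.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* What the dissector extracts for the one encapsulation it understands:
 * pcap record -> Ethernet -> IPv4 -> TCP. */
struct dissected {
    uint32_t ts_sec, incl_len, orig_len;
    uint16_t ethertype, src_port, dst_port;
    uint8_t  ip_proto;
    char     src_ip[16], dst_ip[16];
    size_t   payload_len;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t le32(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static void put_le32(uint8_t *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }
static void put_be16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v; }
static void fmt_ip(char *dst, const uint8_t *a) { snprintf(dst, 16, "%u.%u.%u.%u", a[0], a[1], a[2], a[3]); }

/* Dissect the first record of a pcap image. Magic and link type are checked
 * first (wiretap's job); then incl_len, IHL, total length and data offset are
 * each bounded by what is present, because a hostile capture file is input.
 * Returns 0 on success; -1 bad magic/link type, -2 truncated, -3 not IPv4/TCP. */
int dissect_first_packet(const uint8_t *buf, size_t len, struct dissected *d)
{
    if (len < 24 || le32(buf) != 0xa1b2c3d4u || le32(buf + 20) != 1) return -1;
    if (len < 40) return -2;
    const uint8_t *rec = buf + 24;
    d->ts_sec = le32(rec); d->incl_len = le32(rec + 8); d->orig_len = le32(rec + 12);
    const uint8_t *frame = rec + 16;
    if (d->incl_len > len - 40 || d->incl_len < 14) return -2;   /* incl_len is untrusted */
    d->ethertype = be16(frame + 12);
    if (d->ethertype != 0x0800) return -3;
    const uint8_t *ip = frame + 14;
    size_t iplen = d->incl_len - 14;
    if (iplen < 20 || (ip[0] >> 4) != 4) return -2;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    uint16_t tot = be16(ip + 2);
    if (ihl < 20 || tot < ihl || tot > iplen) return -2;        /* IHL and total length must fit */
    d->ip_proto = ip[9];
    fmt_ip(d->src_ip, ip + 12);
    fmt_ip(d->dst_ip, ip + 16);
    if (d->ip_proto != 6) return -3;
    const uint8_t *tcp = ip + ihl;
    size_t tlen = tot - ihl;
    if (tlen < 20) return -2;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || doff > tlen) return -2;                    /* data offset must fit too */
    d->src_port = be16(tcp); d->dst_port = be16(tcp + 2);
    d->payload_len = tlen - doff;
    return 0;
}

/* Constructed sample capture: one Ethernet/IPv4/TCP frame carrying an HTTP
 * request from 10.0.0.5:40000 to 10.0.0.80:80. Checksums are left zero since
 * this dissector does not verify them. Returns bytes written, 0 if cap is too small. */
size_t build_sample_pcap(uint8_t *buf, size_t cap)
{
    static const char http[] = "GET / HTTP/1.0\r\n\r\n";
    static const uint8_t addrs[8] = { 10, 0, 0, 5, 10, 0, 0, 80 };
    const size_t plen = sizeof http - 1;              /* 18 */
    const uint32_t frame_len = 14 + 20 + 20 + plen;   /* 72 */
    if (cap < 40 + frame_len) return 0;
    memset(buf, 0, 40 + frame_len);
    put_le32(buf, 0xa1b2c3d4u);                       /* magic as a little-endian writer stores it */
    buf[4] = 2; buf[6] = 4;                           /* version 2.4 */
    put_le32(buf + 16, 65535);                        /* snaplen */
    put_le32(buf + 20, 1);                            /* DLT_EN10MB */
    uint8_t *rec = buf + 24;
    put_le32(rec, 1190000000u);                       /* ts_sec, September 2007 */
    put_le32(rec + 8, frame_len); put_le32(rec + 12, frame_len);
    uint8_t *eth = rec + 16;
    memset(eth, 0xaa, 6); memset(eth + 6, 0xbb, 6); put_be16(eth + 12, 0x0800);
    uint8_t *ip = eth + 14;
    ip[0] = 0x45; put_be16(ip + 2, (uint16_t)(40 + plen)); ip[8] = 64; ip[9] = 6;
    memcpy(ip + 12, addrs, 8);
    uint8_t *tcp = ip + 20;
    put_be16(tcp, 40000); put_be16(tcp + 2, 80); tcp[12] = 0x50; tcp[13] = 0x18; put_be16(tcp + 14, 8192);
    memcpy(tcp + 20, http, plen);
    return 40 + frame_len;
}

/* Dissect the sample, optionally after corrupting the magic or cutting the
 * image down to `cut` bytes (0 = whole image). Returns the dissector status. */
int dissect_sample(int corrupt_magic, size_t cut, struct dissected *d)
{
    uint8_t buf[128];
    size_t n = build_sample_pcap(buf, sizeof buf);
    if (corrupt_magic) buf[0] ^= 0xff;
    if (cut && cut < n) n = cut;
    memset(d, 0, sizeof *d);
    return dissect_first_packet(buf, n, d);
}
int      sample_status(int corrupt_magic, size_t cut) { struct dissected d; return dissect_sample(corrupt_magic, cut, &d); }
uint16_t sample_dst_port(void)    { struct dissected d; return dissect_sample(0, 0, &d) == 0 ? d.dst_port : 0; }
size_t   sample_payload_len(void) { struct dissected d; return dissect_sample(0, 0, &d) == 0 ? d.payload_len : 0; }
int      sample_src_ip_ok(void)   { struct dissected d; return dissect_sample(0, 0, &d) == 0 && strcmp(d.src_ip, "10.0.0.5") == 0; }
```

Every `return -2` is a place where a dissector that trusted the header field instead would read past the frame; that class of bug is exactly what fuzzing a capture-file reader turns up.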
Coding for Nessus
o Nessus Attack Scripting Language (NASL)
o Writing Personal-Use Tools in NASL
o Programming in the Nessus Framework
o Porting to and from NASL
• Porting to NASL
• Porting from NASL
Extending Metasploit
o Metasploit Framework (MSF)
o msfweb Interface
o Selecting the Exploit Module
o msfconsole Interface
o Using msfconsole Interface
o Steps Involved in Executing an Exploit under msfconsole
o msfcli Interface
o Using msfcli Interface
o Updating the MSF
Writing Snort Rules
o Writing Basic Rules
o The Rule Header
o Rule Options
o Writing Advanced Rules: Perl-Compatible Regular Expressions (PCRE)
o byte_test and byte_jump
o Optimizing Rules
o Testing Rules
o Writing Detection Plugins
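Three constructed rules, added here and not taken from the course, covering the items listed above: a basic rule header plus options with a PCRE, and the byte_test and byte_jump options against a hypothetical length-prefixed binary protocol on port 9999. $HOME_NET, $EXTERNAL_NET and $HTTP_PORTS are the usual snort.conf variables and sids from 1000000 up are the range reserved for local rules.

```snort
# Basic rule: header (action proto src sport -> dst dport) and options.
# The literal content: gives the fast-pattern matcher something cheap to find
# before the PCRE runs, which is the main rule-optimisation rule of thumb.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-MISC directory traversal attempt"; flow:to_server,established; content:"../"; pcre:"/(\.\.[\/\\]){2,}/"; classtype:web-application-attack; sid:1000001; rev:1;)

# byte_test: in this hypothetical protocol bytes 0-1 are an opcode and bytes
# 2-3 a big-endian length. Alert when the length exceeds the 1024-byte buffer
# the server copies the record into (the size-check bugs covered under
# Integer Bug Exploits above).
alert tcp $EXTERNAL_NET any -> $HOME_NET 9999 (msg:"EXAMPLE oversized record length"; flow:to_server,established; content:"|00 01|"; depth:2; byte_test:2,>,1024,0,relative; classtype:attempted-dos; sid:1000002; rev:1;)

# byte_jump: read a 2-byte big-endian length, skip that many bytes of the
# variable-length name field, then inspect the flag byte that follows it.
alert tcp $EXTERNAL_NET any -> $HOME_NET 9999 (msg:"EXAMPLE admin flag set after name field"; flow:to_server,established; content:"|00 02|"; depth:2; byte_jump:2,0,relative; content:"|FF|"; within:1; classtype:attempted-admin; sid:1000003; rev:1;)
```

To test rules offline, load them with `snort -T -c snort.conf` for a syntax check and then replay a capture with `snort -r sample.pcap -c snort.conf`; a rule that never fires against a packet you built to trigger it is usually a `depth`/`within`/`relative` mistake.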
Netcat Source Code

Module XXIV: Secure Mobile Phone and PDA Programming


Mobile Phone Programming
Different OS Structures in Mobile Phones
o Symbian Operating System
• Guidelines for Securing Symbian OS
o PalmOS
• PalmOS Vulnerabilities
• HotSync Vulnerability
• Creator ID Switching
o Windows Mobile
• Calling Secure Web Services
• Security Practices for Windows Mobile Programming
Comparison of Common Programming Tasks
PDA Programming
o PDA Security Issues
o Security Policies for PDAs
o PDA Security Products
o PDA Security Vendors
Java 2 Micro Edition (J2ME)
J2ME Architecture
J2ME Security Issues
o CLDC Security
Mobile Information Device Profile (MIDP)
o MIDP Security
Programming the BlackBerry With J2ME
Security and Trust Services API (SATSA) for J2ME: The Security APIs
Certificate Enrollment in SATSA
o Generating a Private Key and Certificate Signing Request in SATSA
o Requesting the Signed Certificate (Verifying the CSR)
o Storing a Certificate into the Certificate Local Store
Data Integrity with Message Digests
o Generating a Message Digest
o Verifying a Message Digest
Authentication With Digital Signatures
o Signing a Byte Array for Authentication Purposes
o Verifying a Digital Signature using SATSA
Data Confidentiality - Using Ciphers for Data Encryption
o Using Cipher to Encrypt Data Using Symmetric Encryption
o Using Cipher to Decrypt Data Using Symmetric Encryption
Security Issues in Bluetooth
o Security Attacks in Bluetooth Devices
Bluetooth Security
o Bluetooth Security: Key Management
o Tool: Bluekey
o Tool: BlueWatch
o Tool: BlueSweep
o Tool: Bluediving
o Tool: Smartphone Security Client
o Tool: BlueFire Mobile Security Enterprise Edition
Mobile Phone Security Tips
o Defending Cell Phones and PDAs Against Attack
Antivirus Tools for Mobile Devices
o F-Secure Antivirus for Palm OS

Module XXV: Secure Game Designing


Game Designing Introduction
Types of Games
o Console Games
o Mobile Games
o Online Games
o Off-line Games
o Wii Games
Threats to Online Gaming
Game Authoring Tools
o The 2D Shooter Game Creator
o Multimedia Fusion
o Adventure Game Studio
o Game Maker
o FPS Creator
o Stagecast Creator
o RPG Maker XP
o The Scrolling Game Development Kit
o Visual3D.NET
Game Engine
Best Practices for Secure Game Designing

Module XXVI: Securing E-Commerce Applications


Purpose of Secure E-Commerce Application
E-Business Concepts: Secure Electronic Transaction (SET)
o How SET Works
Secure Sockets Layer (SSL)
o SSL Certificates
o VeriSign SSL Certificates
o Entrust SSL Certificates
Digital Certificates
Digital Signature
o Digital Signature Technology
o Digital Signature Algorithm
• Signature Generation/Verification
• ECDSA, ElGamal Signature Scheme
HACKER SAFE® Certification
o HACKER SAFE Technology
Guidelines for Developing Secure E-Commerce Applications

Module XXVII: Software Activation, Piracy Blocking and Automatic Updates


Software Activation: Introduction
o Process of Software Activation
o Software Activation: Advantages
o Activation Explained
o Online License Management Server
o Activation Policies
o Policy Control Parameters
Piracy
o Impacts of Piracy
o Piracy Blocking
o Digital Rights Management (DRM)
o Software Piracy Protection Strategies
o Copy Protection for DVD
o Application Framework: DVD Copy Protection System
o Content Protection During Digital Transmission
o Watermark System Design Issues
o Economic Costs
o False Positive Rate
o Interaction with MPEG compression
o Detector Placement
o Copy Generation Management
o Tool: Crypkey
o EnTrial Key Generation
o EnTrial Distribution File
o EnTrial Product & Package Initialization Dialog
Windows Automatic Updates
o Options for Setting up Windows Automatic Updates on XP
o Automatic Updates Option on AVG Antivirus
o Automatic Updates for Internet Explorer
o Automatic Updates for Mozilla Firefox

Module XXVIII: Secure Application Testing


Software Development Life Cycle (SDLC)
Introduction to Testing
Types of Testing
o White Box Testing
• Types of White Box Testing
• Dynamic White-Box Testing
• Integration Test
• Regression Testing
• System Testing
o Black Box Testing
o Load Testing
• Strategies for Load Testing
o Functional Testing
Testing Steps
o Creating Test Strategy
o Creating Test Plan
o Creating Test Cases and Test Data
o Executing, Bug Fixing and Retesting
Classic Testing Mistakes
User Interface Errors
What Makes a Good User Interface
Using Automated Testing Tools
Generic Code Review Checklist
Software Testing Best Practices
Testing Tools
o QEngine
o WinRunner
o LoadRunner
Real-Time Testing

Module XXIX: Writing Secure Documentation and Error Messages


Error Message
o Common Error Messages
o Error Messages: Categories
o Characteristics of a Good Error Message
Error Message in a Well-designed Application
Example of Good Error Message
Reasons for Different Perspectives for Error Messages
Error Message Usability Checklist
Guidelines for Creating Effective Error Messages
Best Practices While Designing Error Messages
Error Messages: Examples
Security Issues in an Error Message
Security Precautions in Documentation
© 2007 EC-Council. All rights reserved.


This document is for informational purposes only. EC-Council MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. The EC-Council logo is a registered trademark or trademark of EC-Council in the United States and/or other countries.
